Apps Messaging: security
John Taylor
jontayler at gmail.com
Tue Apr 10 05:49:10 PDT 2007
I should point out that we are sending the private ids across the
wire in the clear. Can I take it that everyone is happy with that?
I really think that any form of encryption would be overkill.
On 10 Apr 2007, at 13:31, Mark Taylor wrote:
> On Tue, 10 Apr 2007, John Taylor wrote:
>
>>> It is probably wise to make that information available, for instance
>>> there may be messages which pass around the public IDs of an application
>>> which originated a data object, and the originating application might
>>> need to identify itself in this context. In which case it looks like
>>>
>>> (secret-id,public-id) = register*(hub-secret)
>>
>> Yes, that's probably better than providing a
>>
>> public-id=getPublicId(secret-id)
>>
>> which would be vulnerable to brute force. Alternatively, we could define the
>
> actually that would be OK, and maybe tidier - we're vulnerable to
> brute force in any case (app.exec(secret-id,args="rm -r .")). We
> can just recommend that secret-ids ought to be hard to guess.
>
>> public id of an app to be a digest of the private id. Too
>> complicated?
>
> neat, but would require access to MD5 libraries or whatever in application
> code which is undesirable.
>
>
> --
> Mark Taylor Astronomical Programmer Physics, Bristol University, UK
> m.b.taylor at bris.ac.uk +44-117-928-8776 http://www.star.bris.ac.uk/~mbt/
>
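The two options discussed in this message, as an added example that is not part of the original thread or the project's code: hub-issued (secret-id, public-id) pairs and a public id derived as a digest of the private id. It also shows why hard-to-guess secret ids matter for the digest variant, since a published digest can be tested against guesses without contacting the hub. The `Hub` class, its method names, the `client-N` id format, and the use of SHA-256 are assumptions.

```python
import hashlib
import hmac
import secrets


def digest_public_id(secret_id):
    """Digest variant: public id is a hash of the private id (SHA-256 assumed)."""
    return hashlib.sha256(secret_id.encode("utf-8")).hexdigest()


class Hub:
    """Hypothetical hub; class and method names are illustrative only."""

    def __init__(self):
        self.hub_secret = secrets.token_urlsafe(32)
        self._public_by_secret = {}

    def register(self, hub_secret, derive=False):
        """(secret-id, public-id) = register(hub-secret)"""
        if not hmac.compare_digest(hub_secret.encode(), self.hub_secret.encode()):
            raise PermissionError("unknown hub secret")
        secret_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        if derive:
            public_id = digest_public_id(secret_id)
        else:
            public_id = f"client-{len(self._public_by_secret) + 1}"
        self._public_by_secret[secret_id] = public_id
        return secret_id, public_id

    def get_public_id(self, secret_id):
        """public-id = getPublicId(secret-id); a wrong guess is rejected."""
        try:
            return self._public_by_secret[secret_id]
        except KeyError:
            raise PermissionError("unknown secret id") from None


def guessable_offline(public_id, candidates):
    """True if some candidate secret id hashes to this published public id.

    With the digest variant this check needs no contact with the hub, so it
    is not limited by how fast the hub answers.
    """
    return any(hmac.compare_digest(digest_public_id(c), public_id) for c in candidates)


# Constructed sample data: the space of weak 4-digit secret ids.
WEAK_SPACE = [f"{n:04d}" for n in range(10_000)]
```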